<?php

if (!defined('IN_DZZ')) {
    exit('Access Denied');
}

require_once libfile('function/seccode');
$action = $_GET['action'] ?? '';
if ($action == 'update') {

    $message = '';
    if ($_G['setting']['seccodestatus']) {
        $rand = random(5, 1);
        $flashcode = '';
        $idhash = isset($_GET['idhash']) && preg_match('/^\w+$/', $_GET['idhash']) ? $_GET['idhash'] : '';
        $ani = $_G['setting']['seccodedata']['animator'] ? '_ani' : '';
        if ($_G['setting']['seccodedata']['type'] == 2) {
            $message = '<span id="seccodeswf_' . $idhash . '"></span>' . (extension_loaded('ming') ? "<script type=\"text/javascript\" reload=\"1\">\ndocument.getElementById('seccodeswf_$idhash').innerHTML='" . lang('seccode_image' . $ani . '_tips') . "' + AC_FL_RunContent(
				'width', '" . $_G['setting']['seccodedata']['width'] . "', 'height', '" . $_G['setting']['seccodedata']['height'] . "', 'src', 'misc.php?mod=seccode&update=$rand&idhash=$idhash',
				'quality', 'high', 'wmode', 'transparent', 'bgcolor', '#ffffff',
				'align', 'middle', 'menu', 'false', 'allowScriptAccess', 'sameDomain');\n</script>" :
                    "<script type=\"text/javascript\" reload=\"1\">\ndocument.getElementById('seccodeswf_$idhash').innerHTML='" . lang('seccode_image' . $ani . '_tips') . "' + AC_FL_RunContent(
				'width', '" . $_G['setting']['seccodedata']['width'] . "', 'height', '" . $_G['setting']['seccodedata']['height'] . "', 'src', '$_G[siteurl]static/image/seccode/flash/flash2.swf',
				'FlashVars', 'sFile=" . rawurlencode("$_G[siteurl]misc.php?mod=seccode&update=$rand&idhash=$idhash") . "', 'menu', 'false', 'allowScriptAccess', 'sameDomain', 'swLiveConnect', 'true', 'wmode', 'transparent');\n</script>");

        } elseif ($_G['setting']['seccodedata']['type'] == 3) {
            $flashcode = "<span id=\"seccodeswf_$idhash\"></span><script type=\"text/javascript\" reload=\"1\">\ndocument.getElementById('seccodeswf_$idhash').innerHTML='" . lang('seccode_sound_tips') . "' + AC_FL_RunContent(
				'id', 'seccodeplayer_$idhash', 'name', 'seccodeplayer_$idhash', 'width', '0', 'height', '0', 'src', '$_G[siteurl]static/image/seccode/flash/flash1.swf',
				'FlashVars', 'sFile=" . rawurlencode("$_G[siteurl]misc.php?mod=seccode&update=$rand&idhash=$idhash") . "', 'menu', 'false', 'allowScriptAccess', 'sameDomain', 'swLiveConnect', 'true', 'wmode', 'transparent');\n</script>";
            $message = $flashcode . '<span style="padding:2px"><img border="0" style="vertical-align:middle" src="static/image/common/seccodeplayer.gif" /> <a href="javascript:;" onclick="window.document.seccodeplayer_{idhash}.SetVariable(\'isPlay\', 1)">' . lang(' play_verification_code') . '</a></span>';
        } else {
            if (!is_numeric($_G['setting']['seccodedata']['type'])) {

                $codefile = libfile('seccode/' . $_G['setting']['seccodedata']['type'], 'class');
                $class = $_G['setting']['seccodedata']['type'];

                if (file_exists($codefile)) {
                    @include_once $codefile;
                    $class = 'seccode_' . $class;
                    if (class_exists($class)) {
                        $code = new $class();
                        if (method_exists($code, 'make')) {
                            include template('common/header_ajax');
                            $code->make($_GET['idhash']);
                            include template('common/footer_ajax');
                            exit;
                        }
                    }
                }
                exit;
            } else {
                $message = '<img onclick="updateseccode(\'' . $idhash . '\')" width="' . $_G['setting']['seccodedata']['width'] . '" height="' . $_G['setting']['seccodedata']['height'] . '" src="misc.php?mod=seccode&update=' . $rand . '&idhash=' . $idhash . '" class="img-seccode" title="' . lang('refresh_verification_code') . '" alt="" />';
            }
        }
    }
    include template('common/header_ajax');
    echo lang($message, array('flashcode' => $flashcode, 'idhash' => $idhash));
    include template('common/footer_ajax');

} elseif ($action == 'check') {

    include template('common/header_ajax');
    echo check_seccode($_GET['secverify'], $_GET['idhash']) ? 'succeed' : 'invalid';
    include template('common/footer_ajax');

} else {
    $refererhost = parse_url(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
    $refererhost['host'] = ($refererhost['host'] ?? '') . (!empty($refererhost['port']) ? (':' . $refererhost['port']) : '');
    if (($_G['setting']['seccodedata']['type'] < 2 && ($refererhost['host'] != $_SERVER['HTTP_HOST'])) || !$_G['setting']['seccodestatus'] || (($_G['setting']['seccodedata']['type'] == 2 && !extension_loaded('ming') && $_POST['fromFlash'] != 1 || $_G['setting']['seccodedata']['type'] == 3 && $_GET['fromFlash'] != 1))) {
        exit('Access Denied');
    }

    $seccode = make_seccode($_GET['idhash']);
    if (!isset($_G['setting']['nocacheheaders'])) {
        @header("Expires: -1");
        @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
        @header("Pragma: no-cache");
    }

    require_once libfile('class/seccode');
    $code = new seccode();
    $code->code = $seccode;
    $code->type = (in_array($_G['setting']['seccodedata']['type'], array(2, 3))) ? 0 : $_G['setting']['seccodedata']['type'];
    $code->width = $_G['setting']['seccodedata']['width'];
    $code->height = $_G['setting']['seccodedata']['height'];
    $code->background = $_G['setting']['seccodedata']['background'];
    $code->adulterate = $_G['setting']['seccodedata']['adulterate'];
    $code->ttf = $_G['setting']['seccodedata']['ttf'];
    $code->angle = $_G['setting']['seccodedata']['angle'];
    $code->warping = $_G['setting']['seccodedata']['warping'];
    $code->scatter = $_G['setting']['seccodedata']['scatter'];
    $code->color = $_G['setting']['seccodedata']['color'];
    $code->size = $_G['setting']['seccodedata']['size'];
    $code->shadow = $_G['setting']['seccodedata']['shadow'];
    $code->animator = $_G['setting']['seccodedata']['animator'];
    $code->fontpath = DZZ_ROOT . './static/image/seccode/font/';
    $code->datapath = DZZ_ROOT . './static/image/seccode/';
    $code->includepath = DZZ_ROOT . './core/class/';
    $code->display();

}
?>